Bug 151108

Summary: Should never be reached failure in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded
Product: WebKit
Component: HTML Editing
Reporter: Renata Hodovan <rhodovan.u-szeged>
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
Priority: P2
CC: bfulgham, cdumez, webkit-bug-importer
Keywords: InRadar
Version: WebKit Local Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 116980
Attachments: Test (flags: none)

Description Renata Hodovan 2015-11-10 10:13:56 PST
Created attachment 265194: Test

Load the attached test with debug MiniBrowser:

<!DOCTYPE html>
<script>
function f_0() {
    document.designMode = 'on';
    document.execCommand("selectAll");
    document.execCommand("indent");
    document.execCommand("InsertHorizontalRule");
}
</script>
<style>
* {
    display: inline-block;
    background-position: center bottom, center center;
}
</style>
<body onload='f_0()'>a</body>


OS: Ubuntu 15.04 x86_64
Checked build: debug EFL
Checked version: 29ae33c


Backtrace:

SHOULD NEVER BE REACHED
../../Source/WebCore/editing/ReplaceSelectionCommand.cpp(830) : void WebCore::ReplaceSelectionCommand::mergeEndIfNeeded()
1   0x7f566fcae89f WTFCrash
2   0x7f5675f6c684 WebCore::ReplaceSelectionCommand::mergeEndIfNeeded()
3   0x7f5675f6f793 WebCore::ReplaceSelectionCommand::doApply()
4   0x7f56770e1220 WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
5   0x7f56770e9bf2 WebCore::CompositeEditCommand::moveParagraphs(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
6   0x7f56770e8dcf WebCore::CompositeEditCommand::moveParagraph(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, WebCore::VisiblePosition const&, bool, bool)
7   0x7f5675f6c961 WebCore::ReplaceSelectionCommand::mergeEndIfNeeded()
8   0x7f5675f6f793 WebCore::ReplaceSelectionCommand::doApply()
9   0x7f56770e0f4c WebCore::CompositeEditCommand::apply()
10  0x7f56770e0cfd WebCore::applyCommand(WTF::PassRefPtr<WebCore::CompositeEditCommand>)
11  0x7f5675f43a63
12  0x7f5675f43bad
13  0x7f5675f45585
14  0x7f5675f4959e WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const
15  0x7f5675dedd39 WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&)
16  0x7f567752022d WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*)
17  0x7f560ffff0c8

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f566fcae8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007f566fcae8a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007f5675f6c684 in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded (this=0x7f5657290000)
    at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:830
#2  0x00007f5675f6f793 in WebCore::ReplaceSelectionCommand::doApply (this=0x7f5657290000) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1237
#3  0x00007f56770e1220 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7f56572fea20, prpCommand=...)
    at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278
#4  0x00007f56770e9bf2 in WebCore::CompositeEditCommand::moveParagraphs (this=0x7f56572fea20, startOfParagraphToMove=..., endOfParagraphToMove=..., 
    destination=..., preserveSelection=false, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1318
#5  0x00007f56770e8dcf in WebCore::CompositeEditCommand::moveParagraph (this=0x7f56572fea20, startOfParagraphToMove=..., endOfParagraphToMove=..., 
    destination=..., preserveSelection=false, preserveStyle=true) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1212
#6  0x00007f5675f6c961 in WebCore::ReplaceSelectionCommand::mergeEndIfNeeded (this=0x7f56572fea20)
    at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:851
#7  0x00007f5675f6f793 in WebCore::ReplaceSelectionCommand::doApply (this=0x7f56572fea20) at ../../Source/WebCore/editing/ReplaceSelectionCommand.cpp:1237
#8  0x00007f56770e0f4c in WebCore::CompositeEditCommand::apply (this=0x7f56572fea20) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#9  0x00007f56770e0cfd in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#10 0x00007f5675f43a63 in WebCore::executeInsertFragment (frame=..., fragment=...) at ../../Source/WebCore/editing/EditorCommand.cpp:164
#11 0x00007f5675f43bad in WebCore::executeInsertNode(WebCore::Frame &, <unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x17842d9e, DIE 0x17931fb7>) (frame=..., 
    content=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x17842d9e, DIE 0x17931fb7>)
    at ../../Source/WebCore/editing/EditorCommand.cpp:175
#12 0x00007f5675f45585 in WebCore::executeInsertHorizontalRule (frame=..., value=...) at ../../Source/WebCore/editing/EditorCommand.cpp:470
#13 0x00007f5675f4959e in WebCore::Editor::Command::execute (this=0x7ffe1574b400, parameter=..., triggeringEvent=0x0)
    at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#14 0x00007f5675dedd39 in WebCore::Document::execCommand (this=0x7f5657026a40, commandName=..., userInterface=false, value=...)
    at ../../Source/WebCore/dom/Document.cpp:4657
#15 0x00007f567752022d in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7ffe1574b4d0) at DerivedSources/WebCore/JSDocument.cpp:5066
#16 0x00007f560ffff0c8 in ?? ()
#17 0x00007ffe1574b550 in ?? ()
#18 0x00007f566fc57036 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1

Comment 1 Brent Fulgham 2016-08-04 18:24:54 PDT
This reproduces in r204037.

Comment 2 Brent Fulgham 2016-08-04 18:33:09 PDT
<rdar://problem/27711851>